package filters

/**
* Filter rule attributes:
* controller - controller matching pattern, by default * is replaced with .* and a regex is compiled
* action - action matching pattern, by default * is replaced with .* and a regex is compiled
* regex (true/false) - use regex syntax (don't replace '*' with '.*')
* uri - a uri to match, expressed with as Ant style path (e.g. /book/**)
* find (true/false) - rule matches with partial match (see java.util.regex.Matcher.find())
* invert (true/false) - invert the rule (NOT rule)
*/

class AuthFilters {

    def filters = {
		//multiple tasks and controllers can be seperated by a "|" sign
		//the value must be in double quotes in order for this to work
        authenticate(controller:'*', action:"create|delete|edit|save|showData|showAuctions|showBid") {
            before = {
				//check if user is logged in
				//redirect to login view if not and return false to avoid execution of requested view
				//pass silently if user is logged in
				if(!session.user) {
					flash.message = "Bitte anmelden, um die Aktion auszufuehren."
					// add originally requested URI for redirect after successful authentication
					def redirectUri = request.forwardURI - request.contextPath
					if (redirectUri.contains("save") || redirectUri.contains("delete")){
						redirectUri = ""
					}
					redirect(controller:"user", action:"login", params:[targetUri:redirectUri])
					return false
				}
            }
            after = { }
            afterView = { }
        }//authenticate
		
	/*	admin(controller:'bid|user|auction', action:"delete|edit|update")	{
			before = {
				if( !(session?.user?.role == "admin") ){
					flash.message = "Nur Administratoren sind dazu berechtigt. Bitte erst mit einem Administratorkonto anmelden."
					redirect(controller:"user", action:"login")
					return false
				}
			}
		}//admin */
		
    }//filters    
}//class
